> As 2.1.6 is considered the most stable version available, I attempted to
> upgrade from 2.0.x this weekend and failed pretty miserably. Even my
> LDIF dump of the 2.0.x databases weren't compatible and had to be
> manually modified for slapadd to not complain about them. The most
> strange issue is that browsing beyond the root of the directory is not
> possible, although ldapsearch does work if a deeper search base is
> specified. Then there's the lack of LDAP2 binds, which I found how to
> configure around from the list archives.
(Replying to my own post here...)
I've pulled a bit more info from slapd. It seems the "No such object"
errors with the search base of the root appear to be a typical
"insufficient access":
conn=14 op=0 BIND dn="" method=128
conn=14 op=0 RESULT tag=97 err=0 text=
conn=14 op=1 SRCH base="dc=ivy,dc=tec,dc=in,dc=us" scope=2
filter="(objectClass=*)"
conn=14 op=1 RESULT tag=101 err=32 text=
conn=14 op=2 UNBIND
However, this is with only a single ACL: access to * by * read. Change
the search base to one level below the root, say,
ou=people,dc=ivy,dc=tec,dc=in,dc=us, and everything works as expected. So
why not at the root?
Further troubles: Passwords encrypted with the typical {CRYPT} hashes seem
to no longer work: I can't bind against them anymore:
conn=0 op=0 BIND
dn="ctCalXItemId=00100:00001,ou=admins,ou=ctime,ou=Applications,dc=ivy,dc=tec,dc=in,dc=us"
method=128
conn=0 op=0 RESULT tag=97 err=49 text=
..."Invalid credentials."
So I ask again: Is there a document anywhere outlining the changes in
operation made since v2.0.x? Does anyone have any suggestions on how to
make the migration smoothly?
Thanks,
John
--
John Madden
UNIX Systems Engineer
Ivy Tech State College
jmadden@ivytech.edu